"Michael W. Burden" wrote: > I was reading about another firewall, and the article was mentioning > the way that firewall handles the AUTH port (113). > > Essentially, an external host could only query AUTH if it already had > an open connection. Otherwise, the firewall didn't respond at all to > an AUTH request. > > I was thinking that if this could be combined with the way that GNATBox > already handles AUTH (by responding, "hidden-user"), there would be two > advantages: > 1. We wouldn't have to deal with some newbie asking "Why is my port 113 > showing as open on a scan?" every month. > 2. A network that provides no services and is protected by a GNAT Box > could be completely invisible to a scan. Since the AUTH port wouldn't > respond to a scan (since the scanner wouldn't have an open connection), > there would be nothing to indicate to the scanner that there was even > a host at the address being scanned. > > Anyone who actively participates in this group will probably agree with me > that advantage #1 alone would be more than worth it :)
hehe... I like it!! Probably more polite than putting a filter on the GB list to send all E-mail containing the strings "why" and "port 113" to /dev/null or sending an automated reply. 8) Why is it when people learn to use nmap, they think themselves a security expert? And why do they think they are the first to point nmap at a GB system? Point 2 isn't bad, either. 8) Nick. -- http://www.holland-consulting.net/
